A critical flaw in WhatsApp allowed attackers to remotely install spyware on a user’s phone simply by making a WhatsApp call.
In May, the company discovered that attackers were exploiting this flaw to install surveillance software on some targeted devices just by making a WhatsApp audio call to the device.
The flaw, tracked as CVE-2019-3568, is a buffer overflow vulnerability in the WhatsApp VOIP stack that allows remote code execution via a specially crafted series of SRTCP packets sent to the target phone number.
According to the Financial Times, the spyware was developed by the secretive Israeli company NSO Group. It can be installed even if the user does not answer the call, and it can steal data from the targeted device.
The spyware is also capable of erasing incoming call data, making it difficult for users to find out about the intrusion.
Security researchers at the University of Toronto’s Citizen Lab said they believe the spyware attack against a UK-based human rights lawyer on Sunday used this method.
Earlier, there were reports that many human rights campaigners in the Middle East had received text messages containing links to download Pegasus spyware to their devices.
NSO’s Pegasus spyware product allows attackers to access the camera, microphone, text messages, emails, contacts, WhatsApp messages and call logs remotely without the user’s knowledge.
WhatsApp is currently investigating the issue, and the exact number of affected WhatsApp users is still unknown.
WhatsApp said it notified the US Department of Justice about the issue last week.
According to the advisory published by Facebook, the vulnerability affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
WhatsApp has advised all users to update their devices immediately.